Closed m-esm closed 4 years ago
Hi @m-esm,
I do not think that using the Authorization
header for anything else than auth* is a good idea (and neither is having two auth headers in one request), so I do not plan to support that use case.
However, you can achieve that using middleware before my middleware that swaps / caches the header. Alternatively, wait for v2, which will allow req
as an argument for custom authorizers.
But again, I highly recommend to rethink your design here.
Closing this for now.
@LionC thanks for your response, it was for a situation that we couldn't change the actual project but we wanted to add an extra layer of security just for precaution. it happens occasionally in security teams which getting to secure a project with a "bad design". we usually use Nginx-basic-auth-proxy for this matter. but I wanted to try a different way to enable identifying basic auth credential user which is not possible if you cache/swap your header keys.
Hi guys,
first of all thanks for sharing this repo.
I needed custom header key for my project, which already uses "authorization" key for another need.